A software bug in at least 685 mobile applications threatens about 180 million smartphones, security researchers from Appthority have warned.
According to the researchers, the vulnerability, called Eavesdropper, arose because developers mistakenly hard-coded credentials for the services of Twilio Inc. into their applications. Many applications use Twilio to send text messages, handle phone calls and provide other services. Hackers could potentially learn the developer credentials by viewing the code in the applications, and then gain access to information sent through these services, the experts noted.
After analyzing 1100 applications, the researchers found 685 problems related to 85 affected Twilio accounts.
This case is indicative of a new type of cyberthreat associated with the use of third-party services in mobile applications that provide functions for sending text messages and voice calls.
According to security experts, this is not an isolated case; the problem is generally typical of developers who use third-party services.
According to representatives of Twilio, the company does not have evidence that hackers used credentials to access customer information. The company contacted developers in a timely manner to change the credentials of the affected accounts.
The vulnerability affects only calls and text messages in applications that use Twilio's messaging services, including some business applications for recording phone calls, the report notes.
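Hard-coded credentials of the kind described above can be caught before an application ships by scanning its source for them. The following is an added example, not code from Appthority or Twilio: it assumes that a Twilio Account SID is "AC" followed by 32 hexadecimal characters and that the auth token is a 32-character hexadecimal string, and the function name, window size and sample values are constructed for illustration.

```python
import re

# Assumed formats: Account SID = "AC" + 32 hex chars, auth token = 32 hex chars.
SID_RE = re.compile(r"\bAC[0-9a-fA-F]{32}\b")
TOKEN_RE = re.compile(r"\b[0-9a-fA-F]{32}\b")
WINDOW = 3  # lines before/after a SID that are searched for a token candidate


def find_twilio_credentials(source):
    """Return one finding per hard-coded Account SID found in source text.

    A SID with a 32-hex string nearby is rated "high" (likely SID + token
    pair); a SID alone is rated "medium". Values are redacted in the report.
    """
    lines = source.splitlines()
    findings = []
    for i, line in enumerate(lines):
        for sid in SID_RE.findall(line):
            lo, hi = max(0, i - WINDOW), min(len(lines), i + WINDOW + 1)
            token_lines = [j + 1 for j in range(lo, hi)
                           if TOKEN_RE.search(lines[j])]
            findings.append({
                "line": i + 1,
                "sid": sid[:6] + "...",  # never log the full identifier
                "token_lines": token_lines,
                "severity": "high" if token_lines else "medium",
            })
    return findings


# Constructed placeholder values, not real credentials.
FAKE_SID = "AC" + "0" * 32
FAKE_TOKEN = "f" * 32

# Constructed sample: the pattern the article describes (secrets in app code).
VULNERABLE = '''public class SmsClient {
    // constructed sample file
    static final String ACCOUNT_SID = "%s";
    static final String AUTH_TOKEN = "%s";
}''' % (FAKE_SID, FAKE_TOKEN)

# Constructed sample: credentials supplied at runtime, nothing embedded.
CLEAN = '''public class SmsClient {
    static final String ACCOUNT_SID = System.getenv("TWILIO_ACCOUNT_SID");
}'''

if __name__ == "__main__":
    for finding in find_twilio_credentials(VULNERABLE):
        print(finding)
```

Any credential the scan reports should be treated as exposed and changed, since it may already be present in published builds of the application.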